Aztec Connect Exploit Shows Why Retired DeFi Contracts Still Need Attention

  • An attacker drained about $2.1 million from Aztec Connect, a DeFi system that was retired in 2023.
  • The current Aztec network and its users were not affected, according to Aztec Labs.
  • The incident shows that old, unchangeable smart contracts can remain security targets while they still hold funds.

An older version of the Aztec privacy platform has been exploited for roughly $2.1 million, highlighting a difficult security problem for decentralized finance: a project can stop supporting a product while its smart contracts continue to operate on a blockchain.

According to reporting by Cointelegraph, the attack affected Aztec Connect, a DeFi bridge that was retired in March 2023. A bridge is a tool that helps users move or use crypto across different blockchain systems.

Aztec Labs said it was investigating the incident after funds were transferred from the old platform’s contract. The company also stated that the exploit did not affect users or assets on the current Aztec network.

Security researchers said the attacker found a mismatch between how Aztec Connect verified transactions and how those transactions were settled on Ethereum. In simple terms, the contract accepted transaction information in a way that allowed unsupported balances to be created and withdrawn.

The attacker reportedly repeated the method seven times across several assets. The stolen funds included 909 Ether, 270,000 DAI, 167 wrapped staked Ether and smaller amounts of other cryptocurrencies.

The case is unusual because Aztec Connect had already been deprecated, meaning the team had officially stopped developing and supporting it. Deposits were halted in 2023 as work shifted to the newer Aztec Network. However, the old contracts remained active and still held more than $2 million in assets.

Aztec Labs said it did not have administrative keys that could pause or upgrade the retired system. That reflects a core feature of some smart contracts: once deployed without upgrade controls, their code can continue running exactly as written. This can support decentralization, but it also limits a team’s ability to respond when a vulnerability is discovered later.

The incident is a reminder for DeFi teams to plan carefully for product shutdowns. Clear user warnings, migration tools, monitoring and efforts to remove remaining liquidity can reduce the value left exposed in old contracts. Users should also confirm that a protocol version is still actively supported before depositing or leaving assets in it.
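As an added illustration of the monitoring point (not code from Aztec Labs or from the reporting), the sketch below flags a retired contract whose withdrawals over a short block window exceed a set share of its balance, and escalates when several assets trip at once. The window, threshold, asset list and all sample values are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

def drain_alerts(opening, withdrawals, window=50, fraction=Decimal("0.25")):
    """Flag the first block at which an asset's outflow inside `window` blocks
    exceeds `fraction` of the balance held when that window opened.
    opening: {asset: Decimal}; withdrawals: [(block, asset, Decimal)] sorted by block."""
    balance = dict(opening)
    recent = defaultdict(list)          # asset -> [(block, amount)] still inside the window
    alerted, alerts = set(), []
    for block, asset, amount in withdrawals:
        recent[asset] = [(b, a) for b, a in recent[asset] if block - b < window]
        earlier = sum((a for _, a in recent[asset]), Decimal(0))
        held = balance.get(asset, Decimal(0))
        start = held + earlier          # balance when the window opened
        drained = (earlier + amount) / start if start > 0 else Decimal(1)
        recent[asset].append((block, amount))
        balance[asset] = held - amount
        if drained > fraction and asset not in alerted:
            alerted.add(asset)
            alerts.append((block, asset, drained))
    return alerts

def severity(alerts):
    """One asset draining is high; several at once suggests a contract-wide problem."""
    assets = {asset for _, asset, _ in alerts}
    return "critical" if len(assets) >= 2 else "high" if assets else "none"

# Constructed sample data for a hypothetical retired contract (not real on-chain values).
OPENING = {"ETH": Decimal("1000"), "DAI": Decimal("300000"), "WSTETH": Decimal("200")}
WITHDRAWALS = [
    (100, "ETH", Decimal("5")),         # routine user exit, well under the threshold
    (400, "ETH", Decimal("300")),
    (405, "DAI", Decimal("250000")),
    (410, "ETH", Decimal("600")),
    (412, "WSTETH", Decimal("10")),
]

if __name__ == "__main__":
    found = drain_alerts(OPENING, WITHDRAWALS)
    for block, asset, drained in found:
        print(f"block {block}: {asset} window outflow = {drained:.0%} of balance")
    print("severity:", severity(found))
```

In practice the withdrawal list would come from the contract's transfer events, and an alert on a contract with no pause or upgrade keys can only drive user warnings and incident response, not a halt.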

Cointelegraph reported that at least $44 million had been stolen across crypto exploits so far in June, based on DeFiLlama data. The Aztec Connect loss is smaller than some recent incidents, but its broader lesson is important: retired blockchain software can still carry live financial risk.
